package com.vr.xuecheng.auth.config;

import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import java.util.Collections;

/**
 * @author hzh
 * @date 2025/03/29
 */
@Configuration
@RequiredArgsConstructor
public class TokenConfig {
    //对称加密
    @Value("${xuecheng-plus.signing-key}")
    private String singningKey="defualt_key";
    // 单位是秒
    @Value("${xuecheng-plus.access_token_expiration_s}")
    private Integer accessTokenExpirations=7200;
    @Value("${xuecheng-plus.refresh_token_expiration_s}")
    private Integer refreshTokenExpirations=72000;
    //第二步：JWT的存储配置转换
    @Bean
    public TokenStore tokenStore(JwtAccessTokenConverter accessTokenConverter) {
        return new JwtTokenStore(accessTokenConverter());
    }
    //第一步：JWT令牌转换配置密钥
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(singningKey);
        return converter;
    }


    //令牌管理服务，这里是认证并把token（jwt）给前端，别的服务导入spring-cloud-starter -security/-oauth2
    //进行令牌的配置jwt然后就可以获取与解析token中的数据了
    //spring-boot-starter-validation是参数校验框架例如不为空，字数要大于多少之类的
    //第三步：配置令牌服务
    @Bean(name = "authorizationServerTokenServicesCustom")
    public AuthorizationServerTokenServices tokenService( ClientDetailsService clientDetailsService,TokenStore tokenStore, JwtAccessTokenConverter accessTokenConverter) {
        DefaultTokenServices service = new DefaultTokenServices();
        //配置客户端详情，应该是内存
        service.setClientDetailsService(clientDetailsService);
        //支持刷新令牌
        service.setSupportRefreshToken(true);
        //令牌存储策略
        service.setTokenStore(tokenStore);
        //令牌增强器
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Collections.singletonList(accessTokenConverter));
        service.setTokenEnhancer(tokenEnhancerChain);
        // 令牌默认有效期2小时
        service.setAccessTokenValiditySeconds(accessTokenExpirations);
        // 刷新令牌默认有效期3天
        service.setRefreshTokenValiditySeconds(refreshTokenExpirations);
        return service;
    }
}
